3 Steps to a Winning Cybersecurity Team

Based on the insight and relationships developed over many years, Global Knowledge has developed a best practices model of a superior cybersecurity organization—bringing our research and experience to bear and validating against hundreds of organizations, from the largest to the smallest. In studying world-class cybersecurity organizations, Global Knowledge discovered several critical characteristics that successful cybersecurity organizations all seem to share. So how does an organization like yours build a winning cybersecurity team? Let’s dive in.

Step 1: Acknowledge that cybersecurity is a people problem, not a technology problem, and prioritize accordingly.

Many people assert that cybersecurity was not an issue before the advent of computers and networking. That’s true, as far as it goes. However, it is also true that every single cybersecurity attack has been initiated by a human, and every single mitigation and response was put in place by a human. Computers don’t attack computers unless told to do so by a human attacker. Systems don’t mount a defense unless configured to do so by a defender.

That’s not to disparage the important breakthroughs happening in cybersecurity products today. Every week there are new announcements of advanced biometric scanners, behavioral analytics and machine-learning-based systems that can detect zero-day attacks. These do improve security. However, we believe that despite all of these advanced systems, there still needs to be human engagement to make a purchase decision and to deploy and integrate them into a solution. This critical piece—the human—has the largest impact on return on investment (ROI) for cybersecurity success. A firewall or intrusion prevention system that has not been properly configured by a knowledgeable human will never work as intended.

The single best investment a cybersecurity team can make is in themselves. That investment in knowledge, skills and abilities amplifies the value of any technology solutions they deploy. According to the Global Knowledge IT Skills and Salary Report, we’ve seen a global rise in IT skills gaps, especially in cybersecurity. Decision-makers are struggling to hire qualified cybersecurity talent more so than in any other functional area. And the shortage of cybersecurity professionals has been trending worse in recent years.

With hiring and outsourcing a major challenge, an investment in people is more important than ever. As Stephen Covey observed in his book “The 7 Habits of Highly Effective People,” you have to “Sharpen the Saw.” “Sharpen the Saw” means preserving and enhancing the greatest asset you have—you. The first step in building a winning team is prioritizing people.

As we have observed the life cycles of technology over time, there are trends in thinking about technology. Cybersecurity is no exception. It’s probably not a coincidence that over time, cybersecurity thinking has evolved along the same lines as military thinking. At first, cybersecurity focused on a strong “perimeter defense,” much like real-world forts and castles. The theory was that we can’t control what goes on outside the gates. We can only build strong walls (to resist direct attacks) and closely inspect anything that comes through the gates. This type of thinking led to the successful rise of firewalls (networks) and virus checkers (computers).

Later, as attackers grew more sophisticated in camouflaging their incursions, cybersecurity evolved again. In this case, although the walls and gate inspections were still present, defenders acknowledged that if intruders did manage to gain access into the secure enclave, they could then roam freely. The response was to adopt a philosophy of “defense in depth.” This model is equivalent to having guards roaming the hallways and rooms inside the castle, looking for unusual behavior from anyone. In the case of cybersecurity, this meant installing network intrusion detection systems (NIDS) on networks, and host intrusion detection systems (HIDS) on servers. This was a profound shift, from one-dimensional to two-dimensional thinking, and was quite successful in catching more intrusions. Now these systems not only detect but also block intrusions, making them Intrusion Prevention Systems (IPS).

The latest thinking involves the philosophy of “zero-trust” cybersecurity. This model is equivalent to locking all the rooms in the castle and only providing keys to the rooms each person needs. This lock-down model works well because, even when credentials are compromised, it limits risk exposure to minimal data and systems.

These are all strong approaches that build on each other. However, they still only operate in two dimensions (primarily technology, with a bit of policy). At Global Knowledge, we recommend a more universal approach to the problem. We believe that successful cybersecurity is a three-dimensional solution: People, Processes, and Technology. Successful cybersecurity organizations think about all three dimensions and get them right.

One dimension, as discussed previously, is technology. It’s vitally important that organizations use the best technology available to address the problem of security. Organizations need to purchase and integrate best-of-breed solutions across a wide array of technologies to have the best defensive posture.

However, the second dimension, process, is even more important. It does no good to have a leading-edge IPS if it’s not configured and maintained properly. It can’t protect systems that have not been patched and updated per best practices. It certainly can’t protect against misuse of user passwords and credentials. In short, processes have to be in place before a technology solution can begin to do its job.

Finally, the most important dimension is people. Just as technology is useless without process, processes are useless without people. People need the proper knowledge, skills and abilities in order to implement and follow processes and deploy technologies. So, there are three dimensions to cybersecurity: People, Process, and Technology, the most important being the people.

Step 3: Cybersecurity is maturing into sub-specialties and professionals should develop the skills they need to “play their position.”

Automobile mechanics have specialized over the years. Now there are paint shops, transmission shops, brake shops, tire shops, etc. Even if you take your car to a full-service facility or dealership, there are still specialists working there.

In the same way, cybersecurity has grown in complexity to the point that there are sub-specialties that have emerged. In our analysis of successful cybersecurity organizations, eight specific specializations have emerged over the last few years. Very large organizations have teams in each of the eight specializations. Smaller organizations with only a few cybersecurity personnel will have one person cover more than one specialization, or outsource some, or both.

The eight specializations are:

• Architecture and Policy

• Data Loss Prevention

• Governance, Risk and Compliance

• Identity and Access Management

• Incident Response and Forensic Analysis

• Penetration Testing

• Secure DevOps

• Secure Software Development

Coming soon: Part II of this blog series will dive deeper into the eight specializations that define successful cybersecurity organizations.

Why Global Knowledge for Cybersecurity?

Global Knowledge occupies a unique position in the IT industry. As a veteran technology player, Global Knowledge has been around (much) longer than a lot of the product and services companies in the space today. We have helped professionals develop skills throughout the life cycle of many technology solutions, from routing and switching to fiber optics, and more. Over time, we’ve developed successful partnerships with many leading technology players.